Releases: SonarSource/sonar-dotnet
9.20
Hey everyone!
This release brings a vast number of improvements. The main focus lies on improving the capabilities of our Symbolic Execution engine, which results in much more accurate findings. The biggest visible impact is a significant reduction in false positives around loops for the rules S2583 and S2589.
And a big thank you to @rcatley for their external contribution!
Bug Fixes
- 8642 - [C#] Exception in
SonarAnalyzer.Rules.CSharp.SymbolicExecutionRunner
False Positive
- 8678 - [C#, VB.NET] Fix S2583 FP: Variable Updated in Catch Block
- 8028 - [C#, VB.NET] Fix S2583 FP: Loop with manually incremented counter
- 8449 - [C#, VB.NET] Fix S2589 FP: Change this condition so that it does not always evaluate to 'True'
- 8495 - [C#, VB.NET] Fix S2583/S2589 FP: Return inside lock and using causes FP after the block
- 8428 - [C#, VB.NET] Fix S2583/S2589 FP: For loop with Array.Length
- 8483 - [C#, VB.NET] Fix S4158 FP: Should not report on HashSet.UnionWith for readonly fields.
- 8739 - [C#] Fix S4049 FP: Do not raise on methods with generic parameters
- 8638 - [C#] Fix S2386 & S3887 FP: should not be raised for FrozenDictionary and FrozenSet
- 8611 - [C#] Fix S2372 FP: Add support for method invocations (@rcatley)
- 8567 - [C#] Fix S2325 FP: Primary Constructor Support
False Negative
Improvements
Contributors
Assets 6
9.19
Hello,
small release to enhance the deprecation warning before SonarQube v.10.4, explicitly notifying users analyzing with MSBuild 14 that it's no longer supported while maintaining the deprecation status for MSBuild 15.
Furthermore, we've also introduced three improvements to our rules:
Improvements
- 8609 - AnalysisWarningAnalyzerBase: targeted warnings for MSBuild14/15
- 8559 - [C#, VB.NET] Fix S2178 Rule message: Mention extracting right operand if applicable
- 6139 - [C#, VB.NET] Detect symbol references for @ keyword identifiers
- 3753 - [C#, VB.NET] S1186: also inspect empty
setandinitand empty local functions
9.18
Hi everyone!
This release focuses on fixing false positives and on general improvements that will be included in the upcoming SonarQube 10.4.
False Positive
- 7792 - [C#, VB.NET] Fix S1125 FP: Type check with System.Object
- 7904 - [C#] Fix S1144 FP: Record method PrintMembers
- 6326 - [C#] Fix S2437 FP: None of the operands is 0
- 7620 - [C#] Fix S6618 FP: Projects targeting runtime lower than .NET 6.0
- 8560 - [C#] Fix S4027 FP: BinaryFormatter. Serialization constructors are obsolete and should not be required
Improvements
9.17
Hi everyone!
We are shipping some more improvements to our Symbolic Execution rules reducing the number of false positives.
False Negatives
False Positive
9.16
Hello everyone!
For this release, we focused on improving the symbolic execution engine, specifically rules S2589 and S2583, to increase their accuracy.
We also deprecated rule S4792.
False Positive
- 8470 - [C#, VB.NET] Fix S2583 FP: Should not raise on
doublecondition - 8378 - [C#, VB.NET] Fix S2583 FP: Variable Set in Catch Block
- 8140 - [C#, VB.NET] Fix S2583 FP: nested try catch blocks
- 8094 - [C#, VB.NET] Fix S2583/S2589 FP: Delegate can be null when last invocation is removed but comparing the delegate against null gets reported as always false
- 8326 - [C#] Fix S2589 FP: Var pattern should not raise
- 8324 - [C#] Fix S2259 FP: Raising issue in unreachable code when using declaration pattern on unknown value
- 8149 - [C#] Fix S2589 FP: Switch Expression default case with bool literal
- 8011 - [C#] Fix S2589 FP: Rule is erroneously raised on var-type pattern matches that use when clauses
- 8008 - [C#] Fix S2589 FP: Rule is raised on catch-all tuples in switch expressions
- 7057 - [C#] Fix S2583/S2589 FP: When tuple deconstruction is used
- 8489 - [VB.NET] Fix S1172 FP: VB names should not be case sensitive
Improvements
9.15
Hello everyone,
This release focuses on performance improvement.
We made several changes to how we register our rules for analysis.
Based on our measurement, we improve the build time by 5% to 15%, depending on project size and complexity! 🔥 🚀
Fixes
- 8424 - Razor: SymbolReference locations for
@typeparamare misplaced
Improvements
False Positive
Performance
- 8183 - [C#, VB.NET] Improve S5443 performance: Reuse compiled Regex
- 8185 - [C#, VB.NET] Improve S2068 performance: Reuse compiled Regex
- 8399 - [C#, VB.NET] Reduce time spend in
HasMatchingScopefor SyntaxNode registration - 8406 - [C#, VB.NET] Cache RegisterNodeAction checks result per SyntaxTree
- 7858 - [C#, VB.NET]
FileMetadataAnalyzerandUtilityAnalyzerBaseshould useIsGeneratedfromSyntaxTreeExtensions - 6558 - [C#, VB.NET] Performance: UtilityAnalyzerBase calls GetSemanticModel for each SyntaxTree
- 7368 - [C#, VB.NET] UtilityAnalyzer: Use RegisterCompilationStartAction
- 7411 - [C#, VB.NET] UtilityAnalyzer: Reduce lock contention in
ShouldGenerateMetrics
9.14
Hello everyone!
We are happy to announce that we now have 5 dedicated Blazor rules 🚀 🥳
Special thanks to our contributor (and former colleague) @sagi1623 for fixing #8302.
Improvements
- 8274 - [C#] New rule S6797: Query parameter should be of supported type
- 8278 - [C#] New rule S6798: [JSInvokable] attribute should only be used on public methods
- 8275 - [C#] New rule S6800: Component parameter type should match the route parameter type constraint
- 8277 - [C#] New rule S6802: Using lambda expressions in loops should be avoided in Blazor markup section
- 8338 - [C#] New rule S6803: Parameters with SupplyParameterFromQuery attribute should be used only in routable components
- 8228 - [C#] Deprecate S4212
- 8346 - Create CFG from member node
- 8271 - Adding missing operation wrappers and syntax kinds to the shim layer
- 8230 - Update Signing Certificate
- 8290 - Update RSPEC before 9.14 release
Bug Fixes
- 8310 - [C#, VB.NET] Fix S2068 AD0001: Overflow exception when a configuration file value is a number greater than Int32.MaxValue
False Positive
- 8285 - [C#, VB.NET] Fix S2583 FP: Number constraint from remainder calculation is not correct.
- 8358 - [C#] Fix S2743 FP: Arrow properties do not have static fields
- 7624 - [C#] Fix S3604 FP: Primary constructors
False Negative
- 8335 - [C#] Fix S2259 FN: FlowCaptures in Field/PropertyReference.Instance
- 6050 - [C#] Fix S2930 FN: Track System.Threading.CancellationTokenSource
Performance
Contributors
Assets 6
9.13
Hello everyone!
We are happy to announce that we now officially support .Net 8 and C# 12 🚀 🥳
Special thanks to our contributor (and former colleague) @sagi1623 for fixing #8152.
Due to some technical problems, we could not sign the NuGet packages and we did not push them to nuget.org.
Improvements
- 8234 - [C#, VB.NET] Revert optional plugin support
- 3682 - [C#, VB.NET] Update S4830: add a message on secondary locations
- 3694 - [C#] Update S5773: add a message on secondary locations
- 8159 - Update RSPEC before 9.13 release
Bug Fixes
False Positive
- 8080 - [C#, VB.NET] Fix S2583 FP: Issue is raised when there is comparison to a constant.
- 8045 - [C#, VB.NET] Fix S2583/S2589 FP: Rule S4158 sets number constraint on Length property, unrelated to Collections.
- 8041 - [C#, VB.NET] Fix S4158 FP: The analyzer incorrectly concludes the HashSet is guaranteed to be empty
- 7964 - [C#, VB.NET] Fix S6602 FP: "Find" method should not be used for EF Core queries
- 7329 - [C#, VB.NET] Fix S2368 FP: Do not raise on extension methods when "this" is multidimensional array
- 7582 - [C#] Fix S4158 FP: rule raised where there is no guarantees of emptiness
- 8156 - [C#] Fix S107 FP: Don't raise on Zero-overhead member access methods
- 8087 - [C#] Fix S3253 FP: Conflicts with CS8983 - A 'struct' with field initializers must include an explicitly declared constructor.
- 7991 - [C#] Fix S4070 FP: Raised on flagged enum
- 7935 - [C#] Fix S2092 FP: When the "Secure" field is set in a conditional (may also impact S3330)
- 7867 - [C#] Fix S5693 FP: custom fileUploadSizeLimit parameter ignored when parsing Web.config files
- 7714 - [C#] Fix S3928 FP: Parameter names used into ArgumentException constructors should match an existing one
- 6126 - [C#] Fix S2857 FP: @ parameter with nameof and FN after [tablename]
False Negative
- 8083 - [C#, VB.NET] Fix S2368 FN: constructors
- 8070 - [C#, VB.NET] Fix S2234 FN: this and base constructors
- 8172 - [C#] Fix S1075 FN: Support collections and collection expressions
- 8143 - [C#] Fix S107 FN: support primary constructors
- 8131 - [C#] Fix S1117 FN: support primary constructors
- 8130 - [C#] Fix S4061 FN: support constructors
- 8129 - [C#] Fix S1075 FN: default parameters
- 8122 - [C#] Fix S1118 FN: empty primary constructor
- 8119 - [C#] Fix S3878 FN: collection expressions
- 8103 - [C#] CalculationsShouldNotOverflow.SyntaxKindWalker reduce allocations and evaluations in the hot path
- 8096 - [C#] Fix S3254 FN: primary constructors
- 8092 - [C#] Fix S3253 FN: primary parameterless constructors
- 8071 - [C#] Fix S2234 FN: primary constructors for records, classes and structs
Performance
- 8106 - [C#, VB.NET] LightupHelpers CanWrapNode, CanWrapObject and CanWrapOperation are performance sensitive
Breaking changes
- 8229 - Temporarily disable code signing
Contributors
Assets 6
9.12
Hi everyone,
In this release we added some optimizations, improved a rule's message and deleted a deprecated rule.
Improvements
- 8058 - [C#] Delete S2228
- 8069 - [C#] Improve S3267: Make the message more explicit
- 8060 - [C#] Optimization: TokenType for pointer types, follow-up of #7369
- 8038 - [C#, VB.NET] Optimization: Enable on-demand plugin download
- 8104 - [C#] Use ConvertedType instead of Type for ImplicitObjectCreation
- 8090 - Update RSPEC before 9.12 release
9.11
Hi everyone,
In this release, we added support for incremental PR analysis for .razor files and deleted 4 deprecated rules.